disabling CORS good enough?

If a web application communicates with it’s back end via REST API, and that API is only meant to serve the web app and no other client, and if they communicate with each other on the same origin (应用宝官网-全网最新最热手机应用游戏下载), will I need authentication on that REST API at all? Will disabling CORS be good enough?
Sorry if the answer is obvious…this is not my area of expertise.

As it has been more than a few months since this topic was opened, and there has been no reply or further information provided as to the existence of the issue, we are closing this topic. Please don’t hesitate to create a new topic if this issue is still present, we would be happy to work with you to help find a resolution.